Abstract
Password-based authentication is the most commonly used method of authenticating users to online services. In password-based authentication, users must remember all their complex passwords and also need to update them constantly. Since users do not utilize high-entropy passwords, password-based authentication mechanisms are susceptible to offline password-guessing attacks. Researchers have therefore developed passwordless authentication protocols. In this work, we propose a secure authentication mechanism that combines a password-protected biometric with physically unclonable functions (PUF). PUF authentication is a cryptographic technology used to provide secure authentication. PUF authentication works by using the physical characteristics of a device to generate a unique cryptographic key. This key is then used to authenticate the device and grant access to protected resources. PUF authentication can be used to protect data, networks, and communication systems from unauthorized access. The technology is also used to protect against replay attacks, man-in-the-middle attacks, and other forms of malicious activity. PUF authentication is cost-effective and provides a high level of security. Our suggested methodology overcomes issues with existing systems, including Key Compromise Impersonation Attacks, Wrong Login, and Server Registration Complexity. The proposed protocol is validated using the “Automated Validation of Internet Security Protocols and Applications (AVISPA)” and Scyther tools, and its security is explicitly demonstrated by “BAN Logic”. Furthermore, the efficiency of our technique is highlighted by comparing several parameter metrics with those of the existing systems.
Data availability
The data used to support the findings of this study are available from the corresponding author.
Acknowledgements
The authors would like to thank VIT-AP University, the editors and the reviewers. The authors would like to thank Dr. T. Sudhakar and Dr. S. Sibi Chakkaravarthy, Associate Professor, SCOPE, VIT-AP University for their support. The authors would like to thank Dr. Umakanta Nanda, Professor and Dean, SENSE, VIT-AP University for his continuous support and encouragement. A special thanks to Dr. Hari Seetha and the team members of Center of Excellence, Cyber Security & Artificial Intelligence and Robotics (AIR), VIT-AP University.
Funding
No funding agencies. This work is carried out as part of my doctoral committee.
Author information
Contributions
EPK: Conceptualization, Methodology & implementation. SP: Supervision, Writing—review & editing.
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Ethical approval
Not applicable.
About this article
Cite this article
Praveen Kumar, E., Priyanka, S. A password less authentication protocol for multi-server environment using physical unclonable function. J Supercomput 79, 21474–21506 (2023). https://doi.org/10.1007/s11227-023-05437-3